
Change over to using Authen::SASL v2.00, which is now distributed

in a separate distribution
1 parent 8a9aefa commit 559989dfec90a46924fb70b2cb342ec8c6a13091 @gbarr gbarr committed Feb 18, 2002
Showing with 30 additions and 202 deletions.
  1. +0 −5 MANIFEST
  2. +5 −1 Makefile.PL
  3. +0 −1 htdocs/index.xml
  4. +0 −57 lib/Authen/SASL.pm
  5. +0 −57 lib/Authen/SASL.pod
  6. +0 −39 lib/Authen/SASL/CRAM_MD5.pm
  7. +0 −32 lib/Authen/SASL/EXTERNAL.pm
  8. +15 −4 lib/Net/LDAP.pm
  9. +10 −6 lib/Net/LDAP/Bind.pm
@@ -42,7 +42,6 @@ data/slapd-conf.in
data/slapd.at.conf
data/slapd.oc.conf
data/slapd2-conf.in
-htdocs/Authen/SASL.html
htdocs/Bundle/Net/LDAP.html
htdocs/Net/LDAP.html
htdocs/Net/LDAP/Constant.html
@@ -71,10 +70,6 @@ htdocs/Net/LDAPS.html
htdocs/index.html
htdocs/index.xml
install-nomake
-lib/Authen/SASL.pm
-lib/Authen/SASL.pod
-lib/Authen/SASL/CRAM_MD5.pm
-lib/Authen/SASL/EXTERNAL.pm
lib/Bundle/Net/LDAP.pm
lib/LWP/Protocol/ldap.pm
lib/Net/LDAP.pm
@@ -1,5 +1,5 @@
# The -*- perl -*- script writes the Makefile for perl-ldap
-# $Id: Makefile.PL,v 1.7 2001/12/03 16:20:26 gbarr Exp $
+# $Id: Makefile.PL,v 1.8 2002/02/18 16:51:41 gbarr Exp $
use 5.004;
use ExtUtils::MakeMaker;
@@ -71,6 +71,10 @@ check_module('MIME::Base64') or print <<"EDQ","\n";
The MIME::Base64 module is needed ONLY IF you intend to read/write LDIF files
EDQ
+check_module('Authen::SASL', 2.00) or print <<"EDQ","\n";
+If you intend to use SASL authentication you need at least version 2.00
+EDQ
+
print "\n",<<"EDQ","\n" if $missing;
****************************************************************************
You are missing some modules that MAY be needed for some of the features
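Review bot: The new warning text never names the module it is about, unlike the MIME::Base64 message directly above it, so a user reading the installer output cannot tell which distribution to upgrade. Something like `The Authen::SASL module, version 2.00 or later, is needed ONLY IF you intend to use SASL authentication` would match the neighbouring wording. Because this commit also stops shipping the bundled Authen::SASL (its `$VERSION` was "0.11"), an upgraded installation may still have the old copy on disk, and this advisory print appears to be the only signal of that. A short comment above the check saying so would help the next maintainer.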
@@ -49,7 +49,6 @@
<section>
<title>Other</title>
<group>
- <module>Authen::SASL</module>
<module>Bundle::Net::LDAP</module>
</group>
</section>
@@ -1,57 +0,0 @@
-# Copyright (c) 1998 Graham Barr <gbarr@pobox.com>. All rights reserved.
-# This program is free software; you can redistribute it and/or
-# modify it under the same terms as Perl itself.
-
-package Authen::SASL;
-
-use strict;
-use vars qw($VERSION);
-
-$VERSION = "0.11";
-
-sub new {
- my $pkg = shift;
- my $type = shift;
- my %opt = @_;
- $pkg .= "::" . $type;
- $pkg =~ s/-/_/g;
- eval "require $pkg" or die;
- my $self = bless {}, $pkg;
-
- $self->init(\%opt);
-}
-
-sub init {
- %{$_[0]} = (%{$_[0]},%{$_[1]});
- $_[0];
-}
-
-sub name {
- my $name = ref($_[0]) || $_[0];
- $name =~ s/.*:://;
- $name =~ s/_/-/g;
- uc($name);
-}
-
-sub user {
- my $self = shift;
- my $user = $self->{'user'};
- $self->{'user'} = "$_[0]" if @_;
- $user;
-}
-
-sub challenge {
- my $self = shift;
- my $string = shift;
- my $resp = $self->response($string);
- $self->encode($string,$resp);
-}
-
-sub initial {
- my $self = shift;
- my $initial = $self->{'initial'};
- $self->{'initial'} = shift if @_;
- $initial;
-}
-
-1;
@@ -1,57 +0,0 @@
-
-=head1 NAME
-
-Authen::SASL - SASL Authentication base class
-
-=head1 SYNOPSIS
-
- use Authen::SASL;
-
- $sasl = Authen::SASL->new('CRAM-MD5', password => $pass);
-
-=head1 DESCRIPTION
-
-SASL is a generic mechanism for authentication used by several
-network protocols. B<Authen::SASL> provides an implementation
-that all protocols should be able to share.
-
-There are many different encryption methods that can be used
-with SASL. These are implemented as sub-classes of B<Authen::SASL>.
-For example the package that implements the CRAM-MD5 SASL is
-called Authen::SASL::CRAM_MD5. Note that the - is eplaced with an
-_. Authen::SASL::CRAM_MD5 also inherits from B<Authen::SASL>.
-This means that the following two statements give identical results
-
- $sasl = Authen::SASL->new('CRAM-MD5', password => $pass);
-
- $sasl = Authen::SASL::CRAM_MD5->new(password => $pass);
-
-the difference being that the frst one will load the Authen::SASL::CRAM_MD5
-package for you when this code is run for the first time. If you use the
-second method then you must require the package yourself.
-
-=head1 METHODS
-
-=head1 SEE ALSO
-
-L<Authen::SASL::CRAM_MD5>
-
-=head1 AUTHOR
-
-Graham Barr <gbarr@pobox.com>
-
-Please report any bugs, or post any suggestions, to the perl-ldap mailing list
-<perl-ldap-dev@lists.sourceforge.net>
-
-=head1 COPYRIGHT
-
-Copyright (c) 1998-2000 Graham Barr. All rights reserved. This program is
-free software; you can redistribute it and/or modify it under the same
-terms as Perl itself.
-
-=for html <hr>
-
-I<$Id: SASL.pod,v 1.3 2001/08/24 19:31:14 gbarr Exp $>
-
-=cut
-
@@ -1,39 +0,0 @@
-# Copyright (c) 1998 Graham Barr <gbarr@pobox.com>. All rights reserved.
-# This program is free software; you can redistribute it and/or
-# modify it under the same terms as Perl itself.
-
-package Authen::SASL::CRAM_MD5;
-
-use vars qw(@ISA $VERSION);
-use Digest::HMAC_MD5 qw(hmac_md5_hex);
-use strict;
-
-$VERSION = "0.32";
-
-@ISA = qw(Authen::SASL);
-
-sub init {
- my $self = shift;
- my $opt = shift;
- $self->SUPER::init($opt);
- $self->{'response'} = defined $opt->{'password'}
- ? $opt->{'password'}
- : defined $opt->{'response'}
- ? $opt->{'response'}
- : undef;
- $self;
-}
-
-sub name { "CRAM-MD5" }
-
-sub response {
- my $self = shift;
- my $string = shift;
- defined $self->{'response'} ? $self->{'response'} : "";
-}
-
-sub encode {
- $_[0]->user . " " . hmac_md5_hex($_[1],$_[2]);
-}
-
-1;
@@ -1,32 +0,0 @@
-# Copyright (c) 1998 Graham Barr <gbarr@pobox.com> and 2001 Chris Ridd
-# <chris.ridd@messagingdirect.com>. All rights reserved. This program
-# is free software; you can redistribute it and/or modify it under the
-# same terms as Perl itself.
-
-package Authen::SASL::EXTERNAL;
-
-use vars qw(@ISA $VERSION);
-use strict;
-
-$VERSION = "0.01";
-
-@ISA = qw(Authen::SASL);
-
-sub init {
- my $self = shift;
- my $opt = shift;
- $self->SUPER::init($opt);
- $self;
-}
-
-sub name { "EXTERNAL" }
-
-sub response {
- "";
-}
-
-sub encode {
- $_[0]->user;
-}
-
-1;
@@ -239,15 +239,26 @@ sub bind {
my $sasl = $passwd;
# Tell the SASL object our user identifier
- $sasl->user("dn: $dn") unless $sasl->user;
+ $sasl->callback( user => "dn: $stash{name}")
+ unless $sasl->callback('user');
+
+ my $sasl_conn = $sasl->client_new("ldap",$ldap->{net_ldap_host});
+
+ # Tell SASL the local and server IP addresses
+ $sasl_conn->property(
+ sockname => $ldap->{net_ldap_socket}->sockname,
+ peername => $ldap->{net_ldap_socket}->peername,
+ );
+
+ my $initial = $sasl_conn->client_start;
$passwd = {
- mechanism => $sasl->name,
- credentials => $sasl->initial
+ mechanism => $sasl_conn->mechanism,
+ credentials => $initial
};
# Save data, we will need it later
- $mesg->_sasl_info($stash{name},$control,$sasl);
+ $mesg->_sasl_info($stash{name},$control,$sasl_conn);
}
$stash{authentication} = { $auth_type => $passwd };
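Review bot: Nothing in the new SASL branch of `bind` checks the results of `client_new` and `client_start`, so a failed mechanism selection or first step either dies on an undefined `$sasl_conn` or sends a bind request with `credentials => undef`. I would test both before building `$passwd` and return a local error through the module's usual error path rather than contacting the server. The branch also assumes `$sasl` is a v2.00 object; a leftover pre-2.00 object has no `callback` or `client_new` method, so a guard such as `$sasl->can('client_new')` with a clear message would fail more helpfully. `bind` starts and ends outside this hunk, so the surrounding error handling is not visible here.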
@@ -5,7 +5,7 @@
package Net::LDAP::Bind;
use strict;
-use Net::LDAP qw(LDAP_SASL_BIND_IN_PROGRESS LDAP_DECODING_ERROR);
+use Net::LDAP qw(LDAP_SASL_BIND_IN_PROGRESS LDAP_DECODING_ERROR LDAP_SUCCESS);
use Net::LDAP::Message;
use vars qw(@ISA);
@@ -23,26 +23,30 @@ sub decode {
or $self->set_error(LDAP_DECODING_ERROR,"LDAP decode error")
and return;
+ my $sasl = $self->{sasl};
+ my $ldap = $self->parent;
+
+ $ldap->{net_ldap_socket} = $sasl->securesocket($ldap->{net_ldap_socket})
+ if $sasl and $bind->{resultCode} == LDAP_SUCCESS;
+
return $self->SUPER::decode($result)
unless $bind->{resultCode} == LDAP_SASL_BIND_IN_PROGRESS;
# tell our LDAP client to forget us as this message has now completed
# all communications with the server
- $self->parent->_forgetmesg($self);
+ $ldap->_forgetmesg($self);
$self->{mesgid} = Net::LDAP::Message->NewMesgID(); # Get a new message ID
- my $sasl = $self->{sasl};
- my $ldap = $self->parent;
- my $resp = $sasl->challenge($bind->{serverSaslCreds});
+ my $resp = $sasl->client_step($bind->{serverSaslCreds});
$self->encode(
bindRequest => {
version => $ldap->version,
name => $self->{dn},
authentication => {
sasl => {
- mechanism => $sasl->name,
+ mechanism => $sasl->mechanism,
credentials => $resp
}
},
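Review bot: In the second hunk of `decode`, a result code of LDAP_SUCCESS swaps in `securesocket` immediately, but any `serverSaslCreds` carried on that final response is never passed to `client_step`. A mechanism that verifies the server in its last message therefore never gets to do so before the connection is treated as authenticated. I would feed the final credentials to the mechanism first and treat a failure as a bind error, as sketched below; whether `client_step` signals failure by returning undef should be confirmed against the Authen::SASL version in use. Separately, the later `client_step` result is placed in `credentials` unchecked. `decode` continues past the end of the hunk.

```perl
my $sasl = $self->{sasl};
my $ldap = $self->parent;

if ($sasl and $bind->{resultCode} == LDAP_SUCCESS) {
  # Give the mechanism the server's final data before the bind is trusted
  if (defined $bind->{serverSaslCreds}) {
    defined $sasl->client_step($bind->{serverSaslCreds})
      or $self->set_error(LDAP_DECODING_ERROR,"SASL final step failed")
      and return;
  }
  $ldap->{net_ldap_socket} = $sasl->securesocket($ldap->{net_ldap_socket});
}

# … unchanged: SUPER::decode return, _forgetmesg, new message ID, client_step, encode …
```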
